× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: cf2f02dc27df3b78ad5bb423da799339d936f3b2fb1253cf7247e5f5418ede7b
File name: CF2F02DC27DF3B78AD5BB423DA799339D936F3B2FB1253CF7247E5F5418EDE7B
Detection ratio: 19 / 70
Analysis date: 2018-12-20 13:31:34 UTC ( 5 months ago ) View latest
Antivirus Result Update
Antiy-AVL Trojan/Win32.Propagate 20181220
Avast Win32:Malware-gen 20181220
AVG Win32:Malware-gen 20181220
Cylance Unsafe 20181220
Cyren W32/Trojan.ZCNS-2545 20181220
DrWeb Trojan.PWS.Spy.21017 20181220
Endgame malicious (high confidence) 20181108
ESET-NOD32 a variant of Win32/GenKryptik.CUKX 20181220
F-Prot W32/Trojan3.ANLX 20181220
Fortinet W32/GenKryptik.CNMT!tr.ransom 20181220
Sophos ML heuristic 20181128
K7AntiVirus Riskware ( 0040eff71 ) 20181220
K7GW Riskware ( 0040eff71 ) 20181220
McAfee GenericRXGR-SX!DBDD91F096D7 20181220
NANO-Antivirus Trojan.Win32.Propagate.flgasr 20181220
Panda Trj/GdSda.A 20181219
Symantec Packed.Generic.537 20181220
Trapmine malicious.moderate.ml.score 20181205
VBA32 TrojanSpy.Noon 20181220
Acronis 20180726
Ad-Aware 20181220
AegisLab 20181220
AhnLab-V3 20181219
Alibaba 20180921
ALYac 20181220
Arcabit 20181220
Avast-Mobile 20181220
Avira (no cloud) 20181220
Babable 20180918
Baidu 20181207
BitDefender 20181220
Bkav 20181219
CAT-QuickHeal 20181220
ClamAV 20181220
CMC 20181219
Comodo 20181220
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
eGambit 20181220
Emsisoft 20181220
F-Secure 20181220
GData 20181220
Ikarus 20181220
Jiangmin 20181220
Kaspersky 20181220
Kingsoft 20181220
Malwarebytes 20181220
MAX 20181220
McAfee-GW-Edition 20181220
Microsoft 20181220
eScan 20181220
Palo Alto Networks (Known Signatures) 20181220
Qihoo-360 20181220
Rising 20181220
SentinelOne (Static ML) 20181011
Sophos AV 20181220
SUPERAntiSpyware 20181220
Symantec Mobile Insight 20181215
TACHYON 20181220
Tencent 20181220
TheHacker 20181216
TotalDefense 20181220
TrendMicro 20181220
TrendMicro-HouseCall 20181220
Trustlook 20181220
ViRobot 20181220
Webroot 20181220
Yandex 20181219
Zillya 20181219
ZoneAlarm by Check Point 20181220
Zoner 20181220
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2016-12-06 11:28:41
Entry Point 0x0000AEF2
Number of sections 5
PE sections
PE imports
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA
GetWindowExtEx
SetMapMode
PatBlt
SaveDC
TextOutA
LPtoDP
GetClipBox
GetDeviceCaps
OffsetViewportOrgEx
DeleteDC
RestoreDC
SetBkMode
SelectObject
IntersectClipRect
BitBlt
SetTextColor
DPtoLP
GetObjectA
CreateBitmap
RectVisible
GetStockObject
CreateDIBitmap
SetViewportOrgEx
ScaleWindowExtEx
SetBkColor
ExtTextOutA
PtVisible
GetTextExtentPointA
CreateCompatibleDC
ScaleViewportExtEx
DeleteObject
GetMapMode
SetWindowExtEx
GetTextColor
CreateSolidBrush
SetViewportExtEx
Escape
GetViewportExtEx
GetBkColor
GetStdHandle
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
HeapDestroy
IsBadCodePtr
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
LocalAlloc
lstrcatA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
GetFullPathNameA
GetOEMCP
LocalFree
InitializeCriticalSection
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
GlobalFindAtomA
HeapAlloc
GetModuleFileNameA
GetVolumeInformationA
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
CreateThread
GlobalAddAtomA
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
TerminateProcess
GlobalAlloc
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
lstrcmpiA
SetEvent
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
FreeLibrary
GetStartupInfoA
UnlockFile
GetFileSize
GlobalDeleteAtom
GlobalLock
CompareStringW
GlobalReAlloc
lstrcmpA
FindFirstFileA
lstrcpyA
GetProfileStringA
CompareStringA
DuplicateHandle
GetProcAddress
GetTimeZoneInformation
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LeaveCriticalSection
GetLastError
LocalReAlloc
LCMapStringW
lstrlenA
GlobalFree
LCMapStringA
GlobalGetAtomNameA
GetThreadLocale
GetEnvironmentStringsW
GlobalUnlock
LockFile
FileTimeToLocalFileTime
GetEnvironmentStrings
WritePrivateProfileStringA
LockResource
WideCharToMultiByte
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
TlsFree
SetFilePointer
ReadFile
GlobalFlags
CloseHandle
lstrcpynA
GetACP
GetVersion
SizeofResource
HeapCreate
VirtualFree
Sleep
IsBadReadPtr
GetProcessVersion
FindResourceA
VirtualAlloc
ResetEvent
VariantChangeType
VariantTimeToSystemTime
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
VariantCopy
SysFreeString
SysAllocStringByteLen
Ord(253)
SetFocus
RegisterClipboardFormatA
GetMessagePos
SetMenuItemBitmaps
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
ClientToScreen
GrayStringA
GetMessageTime
SetActiveWindow
GetDC
GetCursorPos
MapDialogRect
GetDlgCtrlID
GetClassInfoA
GetMenu
UnregisterClassA
SendMessageA
GetClientRect
GetNextDlgTabItem
CallNextHookEx
GetWindowTextLengthA
CopyAcceleratorTableA
GetTopWindow
ExcludeUpdateRgn
GetActiveWindow
GetWindowTextA
EnumWindowStationsW
DestroyWindow
GetMessageA
GetParent
UpdateWindow
SetPropA
ShowWindow
GetPropA
GetNextDlgGroupItem
GetDesktopWindow
EnableWindow
GetDlgItemTextA
PeekMessageA
TranslateMessage
IsWindowEnabled
GetWindow
CharUpperA
LoadStringA
GetWindowPlacement
EnableMenuItem
RegisterClassA
TabbedTextOutA
GetSubMenu
CreateWindowExA
CopyRect
GetSysColorBrush
IsWindowUnicode
ReleaseDC
EndPaint
PtInRect
IsChild
IsDialogMessageA
MapWindowPoints
BeginPaint
OffsetRect
CharNextA
RegisterWindowMessageA
DefWindowProcA
DrawFocusRect
SendDlgItemMessageA
GetSystemMetrics
IsIconic
GetWindowRect
InflateRect
PostMessageA
DrawIcon
SetWindowLongA
RemovePropA
SetWindowTextA
CheckMenuItem
GetWindowLongA
GetLastActivePopup
GetDlgItem
GetMenuCheckMarkDimensions
ScreenToClient
GetClassLongA
CreateDialogIndirectParamA
LoadCursorA
LoadIconA
SetWindowsHookExA
GetMenuItemCount
GetMenuState
GetSystemMenu
GetMenuItemID
SetForegroundWindow
PostThreadMessageA
DrawTextA
IntersectRect
EndDialog
HideCaret
SetWindowContextHelpId
GetCapture
MessageBeep
ShowCaret
AppendMenuA
UnhookWindowsHookEx
SetDlgItemTextA
MoveWindow
MessageBoxA
GetWindowDC
AdjustWindowRectEx
GetSysColor
GetKeyState
SystemParametersInfoA
IsWindowVisible
WinHelpA
SetRect
InvalidateRect
wsprintfA
DefDlgProcA
ValidateRect
CallWindowProcA
GetClassNameA
GetFocus
ModifyMenuA
SetCursor
OpenPrinterA
DocumentPropertiesA
ClosePrinter
GetFileTitleA
SnmpMgrClose
SnmpMgrOpen
SnmpMgrTrapListen
SnmpMgrRequest
SnmpMgrOidToStr
SnmpMgrGetTrap
SnmpMgrStrToOid
OleUninitialize
CLSIDFromString
OleInitialize
StgCreateDocfileOnILockBytes
OleFlushClipboard
CoGetClassObject
CLSIDFromProgID
CoRevokeClassObject
CoFreeUnusedLibraries
CoRegisterMessageFilter
StgOpenStorageOnILockBytes
OleIsCurrentClipboard
CoTaskMemFree
CreateILockBytesOnHGlobal
CoTaskMemAlloc
SnmpUtilOidFree
SnmpUtilMemAlloc
SnmpUtilMemReAlloc
SnmpUtilMemFree
SnmpUtilVarBindListFree
SnmpUtilVarBindFree
SnmpUtilOidNCmp
SnmpUtilOidCpy
Number of PE resources by type
RT_ICON 7
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 8
PE resources
ExifTool file metadata
MIMEType
application/octet-stream

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

FileTypeExtension
exe

TimeStamp
2016:12:06 12:28:41+01:00

FileType
Win32 EXE

PEType
PE32

CodeSize
139264

LinkerVersion
6.0

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

EntryPoint
0xaef2

InitializedDataSize
229376

SubsystemVersion
4.0

ImageVersion
0.0

OSVersion
4.0

UninitializedDataSize
0

File identification
MD5 dbdd91f096d7cca81243190c4369b22f
SHA1 8d076d284c84c7c7d846678af42ddef65e236afa
SHA256 cf2f02dc27df3b78ad5bb423da799339d936f3b2fb1253cf7247e5f5418ede7b
ssdeep
3072:cV8Lsp0FEnMjx1tMeWmrObU9EFifXW4s4S4IJD6ow7UbyNdifWadsc8ohKEbiF0:XLmS8Mjx1LWmabWhlSDN+dif58XhK

authentihash a0382657baa672117324806c7c2aac043df07e15c82ab812d74745d8d5a1aecc
imphash 78bea0cb69e7b6b5028e66c9f180453a
File size 364.0 KB ( 372736 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (35.0%)
Win64 Executable (generic) (31.0%)
Windows screen saver (14.7%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Tags
peexe

VirusTotal metadata
First submission 2018-12-20 13:31:34 UTC ( 5 months ago )
Last submission 2018-12-21 15:07:47 UTC ( 4 months, 4 weeks ago )
File names oset.jpg
1.pif.2.dr
output.114750308.txt
liwx.jpg
output.114757066.txt
output.114721980.txt
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Runtime DLLs